Parsa Rezaie Khiabanloo

6 exploits, active since Jun 2026
CVE-2025-71318 EXPLOITDB CRITICAL text WRITEUP
NetMan 204 Missing Authentication for Administrative Functions
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, administration-commands.html, and configuration.html) to disclose sensitive information including LDAP configuration and active user details, and can invoke privileged UPS control commands — including shutdown, reboot, switch-on-bypass, and battery test — without supplying any credentials.
CVSS 9.8
CVE-2025-71317 EXPLOITDB CRITICAL text WRITEUP
NetMan 204 Hard-coded Backdoor Credentials
NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint (for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax parameter validation can be shortened to /cgi-bin/login.cgi?username=eurek%20eurek) to obtain administrator privileges, allowing them to alter device configuration, enable the telnet/SSH services, and reset local user credentials.
CVSS 9.8
EIP-2026-104449 EXPLOITDB text WORKING POC
Splunk 9.0.4 - Information Disclosure
EIP-2026-101284 EXPLOITDB text WRITEUP
Franklin Fueling Systems TS-550 - Exploit and Default Password
EIP-2026-101285 EXPLOITDB text WRITEUP
Franklin Fueling Systems TS-550 - Default Password
EIP-2026-101435 EXPLOITDB text WRITEUP
Schneider Electric v1.0 - Directory traversal & Broken Authentication